fully encrypted. Because of one of the options (trial and error - can't remember which), it decrypts the packets, and directs the HTTPS request to the correct VM. The VM already had the SSL cert installed, so would recognise HTTPS requests, and the whole pageload from start to finish was encrypted.

I could visit https:// www.domain2.com and it would say the connection was partially encrypted, and would show a cert error, that the cert was for www.domain1.com.

However, today, this was really interfering with the HTTP connection to domain1, and my browser was saying the page was being redirected in a way that will never complete.

I have since removed the whole SSL connection config from the config file, and I am running standard HTTP only.

Are there any ways I can get https:// www.domain1.com to read cert domain1.crt and direct to domain1's VM, and https:// www.domain2.com to read cert domain2.crt and direct to domain2's VM?

Sorry for such a long question, but it's a very specific issue I have been having, and I tried to give as much info as possible.

I don't think Squid properly supports this scenario. Better to use a more well developed reverse proxy, such as nginx, varnish, etc.
– Michael Hampton♦ Nov 17 '13 at 18:17

@MichaelHampton Thanks, I wasn't aware nginx had the capabilities. I was under the impression it was a PIMPed up version of Apache... A Google search found me this... digitalocean.com/community/articles/… ... Looks very interesting... Thanks!
– DJ-P.I.M.P Nov 17 '13 at 18:56

nginx does reverse proxying and caching and SSL termination with SNI support. It's probably your best bet if you want a single package.
– Michael Hampton♦ Nov 17 '13 at 19:02

I've been trying to install nginx with SNI support on CentOS 6 with no joy... The package isn't in YUM, so I added the repo... It didn't come with SNI support. I had major issues trying to set the flag in the ./configure section, to compile with SNI... It's never easy for us programmers, is it? :)
– DJ-P.I.M.P Nov 17 '13 at 23:22

The nginx from their repo certainly supports SNI out of the box. You should start over.
– Michael Hampton♦ Nov 17 '13 at 23:23

It would be better if you had servers on subdomains of a domain for which you have a wildcard certificate (e.g. s1.myserver.com, s2.myserver.com, certificate for *.myserver.com). Then you could use only one https_port entry:

https_port 443 cert=/etc/ssl/wildcard.myserver.com.pem vhost

So it's possible in squid.

But such a simple case is much easier to do with httpd and Name-based Virtual Hosts. You will save one public IP. In CentOS 6, the openssl and httpd versions support SNI. It's visible from the openssl version. (See here and here.)
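
The name-based virtual host setup this answer refers to, sketched for the two sites in the question as an added example (not from the original post or the httpd project). The certificate and key paths and the backend addresses 10.0.0.11 and 10.0.0.12 are constructed placeholders, and httpd 2.2 as shipped with CentOS 6 is assumed.

```apache
# Added example. Paths and backend IPs are constructed placeholders.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
# The stock conf.d/ssl.conf on CentOS 6 already has "Listen 443";
# keep exactly one Listen line for the port.
Listen 443

# httpd 2.2 needs this to enable name-based virtual hosts on port 443.
NameVirtualHost *:443

# Reject clients that send no SNI extension instead of silently serving
# them the first vhost's certificate, which is what produces the
# "cert is for www.domain1.com" warning on www.domain2.com.
SSLStrictSNIVHostCheck on

<VirtualHost *:443>
    ServerName www.domain1.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/domain1.crt
    SSLCertificateKeyFile /etc/pki/tls/private/domain1.key

    # Pass the original Host header and scheme on to the backend VM so it
    # can build correct links and does not redirect back to HTTPS again.
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"

    # TLS terminates here; this hop to the VM is plain HTTP. To encrypt
    # it as well, set "SSLProxyEngine on" and use an https:// target.
    ProxyPass        / http://10.0.0.11/
    ProxyPassReverse / http://10.0.0.11/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.domain2.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/domain2.crt
    SSLCertificateKeyFile /etc/pki/tls/private/domain2.key

    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://10.0.0.12/
    ProxyPassReverse / http://10.0.0.12/
</VirtualHost>
```

To confirm each name gets its own certificate, run `openssl s_client -connect <proxy-ip>:443 -servername www.domain2.com` and check the subject of the certificate returned, then repeat with the other hostname.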